Bug ID 455391: Bad parsing of query string in URL with authentication

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3

Fixed In:
11.6.0, 11.5.1 HF4, 11.4.1 HF6, 11.4.0 HF7, 11.3.0 HF9

Opened: Apr 03, 2014
Severity: 3-Major

Symptoms

ASM bypass techniques discovered during Pentest.

Impact

Causes ASM to misbehave within the query string parser, and fails to detect relevant malicious requests.

Conditions

Request with authentication URL.

Workaround

N/A

Fix Information

We improved how the system parses query strings in absolute URLs.

Behavior Change